Red Hat Enterprise Linux 7 update for kernel-rt



Published: 2021-03-18 | Updated: 2021-08-15
Risk Medium
Patch available YES
Number of vulnerabilities 11
CVE-ID CVE-2019-19532
CVE-2020-0427
CVE-2020-7053
CVE-2020-14351
CVE-2020-25211
CVE-2020-25645
CVE-2020-25656
CVE-2020-25705
CVE-2020-28374
CVE-2020-29661
CVE-2021-20265
CWE-ID CWE-787
CWE-125
CWE-416
CWE-119
CWE-319
CWE-330
CWE-22
CWE-667
CWE-400
Exploitation vector Network
Public exploit Public exploit code for vulnerability #8 is available.
Vulnerable software
Subscribe
kernel-rt (Red Hat package)
Operating systems & Components / Operating system package or component

Red Hat Enterprise Linux for Real Time
Operating systems & Components / Operating system

Red Hat Enterprise Linux for Real Time for NFV
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 11 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU24440

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19532

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in drivers/hid/hid-axff.c, drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c, drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c, drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c, drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c, drivers/hid/hid-logitech-hidpp.c, drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c, drivers/hid/hid-tmff.c, and drivers/hid/hid-zpff.c. A local user with physical access can use a malicious USB device in the Linux kernel HID drivers, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU47057

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-0427

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a use after free when processing files. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Use-after-free

EUVDB-ID: #VU24711

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7053

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the i915_ppgtt_close() function in drivers/gpu/drm/i915/i915_gem_gtt.c, related to i915_gem_context_destroy_ioctl() call in drivers/gpu/drm/i915/i915_gem_context.c. A local user can run a specially crafted application to execute arbitrary code on the system with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Use-after-free

EUVDB-ID: #VU51544

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-14351

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the perf subsystem. A local user with permission to monitor perf events cam corrupt memory and execute arbitrary code with elevated privileges.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Buffer overflow

EUVDB-ID: #VU51545

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25211

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local user to crash the system.

The vulnerability exists due to a boundary error within the ctnetlink_parse_tuple_filter() function in net/netfilter/nf_conntrack_netlink.c. A local user can inject conntrack netlink configuration, trigger buffer overflow and crash the kernel or force usage of incorrect protocol numbers.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Cleartext transmission of sensitive information

EUVDB-ID: #VU51546

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25645

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to traffic passed between two Geneve endpoints with configured IPsec can be unencrypted for the specific UDP port. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Use-after-free

EUVDB-ID: #VU51547

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-25656

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the way the console subsystem uses KDGKBSENT and KDSKBSENT IOCTLs. A local user can run a specially crafted program to trigger an out-of-bounds read and gain access to sensitive information.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Use of insufficiently random values

EUVDB-ID: #VU49150

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-25705

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Path traversal

EUVDB-ID: #VU49914

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-28374

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in drivers/target/target_core_xcopy.c in the Linux kernel. A remote user with access to iSCSI LUN can send a specially crafted XCOPY request and read or write arbitrary files on the system.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Improper locking

EUVDB-ID: #VU51543

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-29661

CWE-ID: CWE-667 - Improper Locking

Exploit availability: No

Description

The vulnerability allows a local user to perform a escalate privileges on the system.

The vulnerability exists due to locking error in the tty subsystem of the Linux kernel in drivers/tty/tty_jobctrl.c. An local user can exploit this vulnerability to trigger a use-after-free error against TIOCSPGRP and execute arbitrary code with elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Resource exhaustion

EUVDB-ID: #VU51548

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-20265

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the unix_stream_recvmsg function in the Linux kernel when a signal was pending. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

kernel-rt (Red Hat package): 3.10.0-229.1.2.rt56.141.2.el7_1 - 3.10.0-1160.2.2.rt56.1134.el7

Red Hat Enterprise Linux for Real Time: 7

Red Hat Enterprise Linux for Real Time for NFV: 7


CPE2.3 External links

http://access.redhat.com/errata/RHSA-2021:0857

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###